[Original text] Integer signedness error in the parse_machfile function in the mach-o loader (mach_loader.c) for the Darwin Kernel as used in Mac OS X 10.3.7, and other versions before 10.3.9, allows local users to cause a denial of service (CPU consumption) via a crafted mach-o header.

-
Advisories and Patches

-
Vulnerability Information

-
Vulnerability Description

Mac OS X contains a flaw that may allow a local denial of service. The issue is triggered by an unspecified flaw in the parsing of executable files, and will result in loss of availability for the platform.

-
Timeline

Disclosure date:
2005-04-12

Discovery date:
Unknown

Exploit date: Unknown

Resolution date: Unknown

-
Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

-
Unaffected Versions

Apple Mac OS X Server 10.3.9
Apple Mac OS X 10.3.9

-
Discussion

Apple Mac OS X is prone to a local denial of service vulnerability. This issue is exposed when the Mac OS X kernel processes an executable file, causing temporary interruption of services on the computer.

It should be noted that this issue was previously reported in BID 13203 (Apple Mac OS X Kernel Multiple Local Privilege Escalation And Denial Of Service Vulnerabilities); it has been assigned its own BID.

-
Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

-
Solution

Apple has released security advisory APPLE-SA-2005-04-15 along with fixes dealing with this issue. Please see the referenced advisory for more information.